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DETAILED ACTION 



This is a response to the following case application: 
Non-provisional Application: 10/796690 filed on March 8, 2004. 
Claims 1-25 are pending. 

Claim Rejections - 35 USC § 102 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

1. Claim 1, and 3-9 are rejected under 35 U.S.C. 102(e) as being anticipated by 
Mackay et al. [US PN 7107448 B1]. 

Regarding claim 1, MacKay et al. teach a method for safely executing downloaded code 
on a computer system comprising: accessing an application process wherein said 
application process makes a system call to a library of said computer system for a 
resource, establishing a requesting thread [Application to be governed running on a 
computer system, as such, application process is being accessed. Application makes 
calls to a modified version of host system's file I/O API, which are handled by a library. 
(Col 7, Ln 48-50), (Col 8, Ln 16-19)]; sending a request message from said library to a 
local security filter [A mediator/shim re-implements the actual file I/O calls through a 
filter (Col 9, Ln 4-5)]; validating said requesting thread at said local security filter and 
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returning a digital signature that uniquely identifies said requesting thread to said 
application process [Mediator/shim allows verification and validation of requesting 
thread through possession of valid certificate. Original certificate is returned to 
requesting thread. (Col 9, Ln 4-15)]; and making a system call from said application 
process to a kernel of said computer system wherein said kernel uses said digital 
signature from said security filter to validate said requesting thread before allowing 
access to said resource [Application makes standard call to Governance Engine which 
inherently resides in Kernel space since it is heavily involved with system I/O calls (Fig 
3c, Itm 360). Governance Engine checks credentials (Col 9, Ln 23-26).] 

Regarding claim 3, Mackay et al. teach the method as recited in claim 1 wherein said 
library is a standard ntdll.dll library ["ntdll.dll" library is inherently in Windows platform 
(Col 8, Ln 66).]. 

Regarding claim 4, Mackay et al. teaches the method as recited in Claim 1 further 
comprising: restricting said security filter to an address space that is not accessible by 
said application [Governance engine may be in the form of a digital rights management 
application may be installed in a PC as such it is inherent that that there will be program 
code regarding kernel security residing in kernel space. InterTrust's Inter Rights Point 
software or Right/System software teaches storing in secure electronic container and/or 
protected database. (Col 4, Ln 65), (Col 9, Ln 18-19)]. 
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Regarding claim 5, Mackay et al. teach the method as recited in Claim 1 further 
comprising: said kernel denying access to said resource if said digital signature can not 
be validated [Col 1 0, Ln 50-52]. 

Regarding claim 6, Mackay et al. teach the method as recited in Claim 1 further 
comprising: downloading executable code initiating said application process [Col 1 , Ln 
36-42]. 

Regarding claim 7, Mackay et al. teach the method as recited in Claim 1 further 
comprising: modifying said kernel such that only system calls that pass through 
said local library are allowed by said kernel [Presence of governance engine and 
modified system calls inherently modifies said kernel (Col 8, Ln 38-67).] 

Regarding claim 8, Mackay et al. teach the method as recited in Claim 1 further 
comprising: restricting access of said application process to said resource for one 
command based on said digital signature [Col 9, Ln 42-43]. 

Regarding claim 9, Mackay et al. teach the method as recited in Claim 8 further 
comprising: restricting access of said application process to said resource for one 
time based on said digital signature ["One time use" is based on "expiring" credentials. 
(Col 11, Ln 31-34)]. 
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2. Claims 10-14, and 17-19 are rejected under 35 U.S.C. 102(e) as being 
anticipated by Charbonneau [US Pub No 2003/0074567 A1]. 

Regarding claim 10, Charbonneau teaches a method for determining the source 
[whether authorized or unauthorized (abstract)] of a resource request comprising: 
accessing a resource request associated with an application [Untrusted application 
requests for a user data file, instantiates/initiates an action requiring a password (Page 

3, Par 0035), thereby, such a resource [data file] request is being "accessed/executed" 
by the computer system.]; routing said resource request to a security filter, said security 
filter comprising a validation secret [Password authorization system is a type of security 
filter and there is a hash generator with a pre-determined hashing algorithm (Page 3, 
Par 0035).]; validating said resource request at said security filter [Secure user- 
authorization system compares the provided sample with a template retrieved from a 
user verification database for identity verification.] and generating a first check value 
associated with said resource request using said validation secret [When verified as 
secure state, hash values are generated and stored (Page 3 Par 0035).]; routing said 
resource request to a system kernel wherein said system kernel comprises said 
validation secret [Resource request will be further validated and as such, it is inherent 
that the Kernel is involved.]; generating a second check value associated with said 
resource request based on said validation secret at said system kernel [Hash generator 
accesses data stored in one of memory location and using pre-determined hashing 
algorithm determines a unique hash signature for current state of applications funing 
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with computer system. (Page 3, Par 0035)]; and allowing access to said resource if 
said first check value and said second check value match [Hash verifier performs 
comparison and fulfills request if verified (Page 3, Par 0035).]. 

Regarding claim 11, Charbonneau teach the method as recited in Claim 10 further 
comprising: denying access to said resource if said first check value and said second 
check value are different [Page 4, Par 0042]. 

Regarding claim 12, Charbonneau teach the method as recited in Claim 10 further 
comprising: storing said first check value in a secure address space that is not 
accessible to said application [Private key being part of a first check value is stored that 
is not accessible outside of the trusted group of applications (Page 3, Par 0037).]. 

Regarding claim 13, Charbonneau teach the method as recited in Claim 12 further 
comprising: said system kernel retrieving said first check value from said secure 
address space [Kernel acts upon the hash verifier which includes retrieving keys and 
hash values for verification (Page 3, Par 0035).]. 

Regarding claim 14,Charbonneau teach the method as recited in Claim 10 wherein said 
first check value is a digital signature [A unique hash signature is a digital signature. 
(Page 3, Par 0035)]. 
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Regarding claim 17, Charbonneau teach the method as recited in Claim 10 further 
comprising: allowing only resource requests that pass through said security filter to 
be processed by said system kernel [Resource requests are only allowed when user 
verification is successful. (Page 3, Par 0035)]. 

Regarding claim 18, Charbonneau teach the method as recited in Claim 10 further 
comprising: downloading executable content using said application [Downloading user 
data file ("content") for usage ("executable" in the context of "executable content" is 
interpreted as "usable" or "for use") (Page 3, Par 0035).]. 

Regarding claim 19, Charbonneau teach the method as recited in Claim 10 further 
comprising: modifying said kernel such that only system calls that pass through 
said security filter are processed by said kernel [This is inherent because such a 
security feature taught by Charbonneau in claim 10 involving security application code 
would inherently modify OS registries thereby modifying said kernel.]. 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 
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The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 
(1966), that are applied for establishing a background for determining obviousness 
under 35 U.S.C. 103(a) are summarized as follows: 

1 . Determining the scope and contents of the prior art. 

2. Ascertaining the differences between the prior art and the claims at issue. 

3. Resolving the level of ordinary skill in the pertinent art. 

4. Considering objective evidence present in the application indicating 
obviousness or nonobviousness. 

1. Claims 2, 10, 15-16, and 20-25 are rejected under 35 U.S.C. 103(a) as being 

unpatentable over Mackay et al. [US PN US PN 7107448 B1], and further in view of 

Charbonneau [US Pub No. 2003/0074567 A1]. 

Regarding claim 2, Mackay et al. teach the method as recited in Claim 1. Mackay et al 
does not teach further comprising: sharing a secret between said security filter and said 
kernel wherein said secret is used by said security filter to generate said digital 
signature and is used by said kernel to validate said digital signature. Charbonneau 
teaches a method for determining unauthorized application execution comprising: 
sharing a secret between said security application module [hash generator] and said 
kernel [Operating System] wherein said secret [pre-determined hashing algorithm] is 
used by [hash generator] to generate said digital signature and is used by said kernel 
[via hash verifier] to validate said digital signature [Page 3, Par 0035]. It would have 
been obvious to one of ordinary skill in the art at the time of the invention to combine the 
method of determining unauthorized application execution by Charbonneau with 
Mackay's et al. method for safely executing downloaded code on a computer system 
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because the methods of Charbonneau can be implemented as executable programming 
objects that can be incorporated within the Mackay's et al. security application 
modules/programs. The suggestion for combining would have been to add security to 
Mackay's et al method by being able to determine/detect unauthorized executable 
programs resident in a computer system, thereby also detecting malicious codes such 
as viruses and Trojan horse applications. Mackay et al. and Charbonneau are in the 
same field of endeavor of providing security/protection in computer systems from 
untrusted application programs. Therefore, it would have been obvious to combine 
Mackay et al. and Charbonneau to obtain the invention as specified in claim 2. 

Regarding claim 10, a resource request is inherent in establishing a resource thread. 
The combined invention of Mackay et al and Charbonneau teaches the method of claim 
10 using the same references and rationale as claim 2. 

Regarding claim 15, the combined invention of Mackay et al. and Charbonneau teaches 
the method as recited in Claim 10 further comprising: restricting access of said 
application to said resource for a single resource request [US PN 7107448 B1, Col 9, Ln 
42-43]. 

Regarding claim 16, the combined invention of Mackay et al. and Charbonneau teaches 
the method as recited in Claim 10 further comprising: restricting access of said 
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application to said resource for a single time ["One time use" is based on "expiring" 
credentials. (US PN 7107448 B1, Col 11, Ln 31-34)]. 

Claim 20 is rejected because it is the apparatus performing the method of claim 2. 

Regarding claim 21, the combined invention of Mackay et al. and Charbonneau teach 
the system as recited in Claim 20 wherein said application is a web browser [Web 
browser is inherent in networks connected to the internet (US 7107443 B1, Col 1, Ln 
40).]. 

Claim 22 is rejected because it is the apparatus performing the methods of claims 2 and 

3. 

Claim 23 is rejected because it is the apparatus performing the methods of claims 2 and 
4. 



Claim 24 and 25 is rejected because it is the apparatus performing the methods of 
claims 2 and 7. 
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Conclusion 



Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Martin Jeriko P. San Juan whose telephone number is 
571-272-7875. The examiner can normally be reached on M-F 8:30a - 6:00p EST. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron can be reached on 571-272-3799. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an. application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



MJSJ 



GILBERTO BARRON -jK 
SUPERVISORY PATENT EXAMINER 
TECHNOLOGY CENTER 2100 




